As the value and use of information continue to increase, individuals and businesses seek additional ways to process and store information. One option is an Information Handling System (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes. Because technology and information handling needs and requirements may vary between different applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSs allow for IHSs to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, global communications, etc. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
In many situations, an IHS (e.g., a client) may need to communicate with another IHS (e.g., a server) securely. Authentication of a client identity may take place, for example, with credentials provided over an encrypted interface. For instance, it is common for a client to set up a secure connection with a server and then prove user identity through a username and password. These credentials are referred to as “symmetric” because the same information is shared between the client and the server.
On the other hand, when asymmetric credentials are used, the infrastructure only needs a database of public keys that do not require heightened protection. Also, when public keys are put into a certificate, it is not necessary to pre-provision a database of client keys. As such, the use of asymmetric credentials can simplify system initialization and provisioning.
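The following is an added example, not part of the original text, showing the server-side consequence of asymmetric credentials described above: the registry holds only public keys, and a client authenticates by signing a fresh challenge. The function names, the in-memory `publicKeyDb`, and the choice of Ed25519 via Node.js's built-in `crypto` module are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Server-side registry (hypothetical): client id -> public key in PEM form.
// Nothing stored here is secret, so it needs integrity protection, not secrecy.
const publicKeyDb = new Map();

// Enrollment: the key pair is generated on the client; only the public half
// is registered with the server. The private key never leaves the device.
function enroll(clientId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  publicKeyDb.set(clientId, publicKey.export({ type: 'spki', format: 'pem' }));
  return privateKey;
}

// Server: a fresh random challenge per attempt so old responses cannot be reused.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Client: prove possession of the private key by signing the challenge.
function respond(privateKey, challenge) {
  return crypto.sign(null, challenge, privateKey); // Ed25519 takes no digest name
}

// Server: verify using the stored public key only.
function verifyResponse(clientId, challenge, signature) {
  const pem = publicKeyDb.get(clientId);
  if (!pem) return false; // unknown client
  return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
}

// Constructed scenario exercising the accept and reject paths.
function demo() {
  const devicePrivateKey = enroll('client-1');
  const challenge = newChallenge();
  const signature = respond(devicePrivateKey, challenge);

  // A key pair that was never enrolled: holding the registry contents
  // (public keys) does not let its owner answer for 'client-1'.
  const unenrolled = crypto.generateKeyPairSync('ed25519').privateKey;

  return {
    genuine: verifyResponse('client-1', challenge, signature),
    reusedOnNewChallenge: verifyResponse('client-1', newChallenge(), signature),
    wrongKey: verifyResponse('client-1', challenge, respond(unenrolled, challenge)),
    unknownClient: verifyResponse('client-2', challenge, signature),
  };
}
```

Contrast this with the username-and-password case in the preceding paragraph, where the server must hold material derived from the shared secret and protect it accordingly.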
The inventors hereof have recognized that utilizing asymmetric key pairs to sign certificates is the new normal for device-to-website or web application authentication. Typically, however, conventional authentication techniques have the arduous downside of requiring a user to enroll each method they want to authenticate with (e.g., username and password, fingerprint, etc.) on every device for every website/application. As such, existing technologies do not scale and are very resource intensive.